- Product Introduction
- Purchase Guide
- Getting Started
- Console Guide
- Developer Manual
- API Documentation
- Bucket Configuration
- Image Processing
- Basic Image Processing
- Scaling
- Cropping
- Rotating
- Converting Format
- Quality Change
- Gaussian Blurring
- Adjusting Brightness
- Adjusting Contrast
- Sharpening
- Image Watermarking
- Text Watermarking
- Obtaining Basic Image Information
- Obtaining Image EXIF
- Obtaining Image’s Average Hue
- Removing Image Metadata
- Quick Thumbnail Template
- Pipeline Operators
- Limiting Output Image Size
- Supported Fonts
- Image Styles
- Persistent Image Processing
- Image Compression
- Basic Image Processing
- Error Codes
- FAQs
- Product Introduction
- Purchase Guide
- Getting Started
- Console Guide
- Developer Manual
- API Documentation
- Bucket Configuration
- Image Processing
- Basic Image Processing
- Scaling
- Cropping
- Rotating
- Converting Format
- Quality Change
- Gaussian Blurring
- Adjusting Brightness
- Adjusting Contrast
- Sharpening
- Image Watermarking
- Text Watermarking
- Obtaining Basic Image Information
- Obtaining Image EXIF
- Obtaining Image’s Average Hue
- Removing Image Metadata
- Quick Thumbnail Template
- Pipeline Operators
- Limiting Output Image Size
- Supported Fonts
- Image Styles
- Persistent Image Processing
- Image Compression
- Basic Image Processing
- Error Codes
- FAQs
Tencent Cloud Infinite (CI) verifies the validity of requests through signatures. Developers grant a signature to the client to allow it to upload, download, and manage specific resources.
With CI, an anonymous HTTP request or signed HTTP request can be made by using the RESTful API. For a signature request, the server will authenticate the initiator.
- Anonymous request: the HTTP request does not include any identity or authentication information, and the HTTP request is made through the RESTful API.
- Signature request: a signature is included in the HTTP request, and authentication is performed after the server receives the request. The request is approved and executed after a successful authentication, otherwise it is discarded with an error message.
Cloud Infinite uses the same signature algorithm as Cloud Object Storage (COS) on which it is based. It performs authentication using a custom scheme based on HMAC (Hash Message Authentication Code).
Signature Algorithm
There are XML and JSON signatures:
- Use JSON signatures for downloading operations.
- Use XML signatures for the uploading and bucket API operations. For more information, see XML Request Signature.
- The host in the downloading request header looks like
<BucketName-APPID>.<picture region>.myqcloud.com/<picture name>, for example,examplebucket-1250000000.picsh.myqcloud.com/picture.jpeg. - The host in the uploading request header looks like
<BucketName-APPID>.pic.<Region>.myqcloud.com, for exampleexamplebucket-1250000000.pic.ap-shanghai.myqcloud.com/picture.jpeg.
Scenarios
| Scenario | Applicable Signature | |
|---|---|---|
| Processing during data downloading | Hotlink protection is disabled | No signature verification |
| Hotlink protection is enabled | JSON signature | |
| Processing during data uploading | Persistence processing | XML signature |
| Bucket API operations | Query, enable, delete, and others | XML signature |
| Content recognition | Detect content related to pornography, politics, violence, and terrorism | XML signature |
Signature Tool
The information that is required for generating a signature includes the APPID (such as 1250000000), bucket name (such as examplebucket-ci), and SecretID and SecretKey of the project.
The preceding information can be obtained as follows:
- Log in to CI Console, and click Bucket Management in the left sidebar.
- Click the bucket that you want to manage to go to the bucket management page.
- Click Bucket Configuration to view the bucket name and bucket ID. Create a bucket if the current project does not contain one yet. For more information, see Creating Buckets.
- Go to the API key management page in CAM to get the SecretID and SecretKey.
CI follows the same process for computing a signature as COS.
Using Signatures
Signed HTTP requests initiated through RESTful APIs can pass signatures in the following ways:
- Pass through a standard HTTP Authorization header, such as
Authorization: q-sign-algorithm=sha1&q-ak=...&q-sign-time=1557989753;1557996953&...&q-signature=... - Pass as an HTTP request parameter (be sure to implement UrlEncode), such as
/exampleobject?q-sign-algorithm=sha1&q-ak=...&q-sign-time=1557989753%3B1557996953&...&q-signature=...
In the preceding example,
...is used to substitute the specific signing information.
Yes
No
Was this page helpful?